Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp3107204pxv; Mon, 12 Jul 2021 09:26:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy3tPJaF40mVqFkVX/WhqwVYSyAoExEt/CDG2vnTc3QETWH5/+wNraMAKuiP9BlqockgmmH X-Received: by 2002:a05:6402:2213:: with SMTP id cq19mr7030912edb.320.1626107193990; Mon, 12 Jul 2021 09:26:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626107193; cv=none; d=google.com; s=arc-20160816; b=Z+vNsVZVc/Znq4SBONR4fYwX1JLTDrbW9C2Y56XSfiAg/UR/mAMuDUZrEsK+S4nP/W rXPCLL6Q1/NcFoJ6nPQzAq0udX1rdRJRcdJKXMqocTTV4fsLNxnSB3mQwAVP1SLJy/1k mCdlMeqh/JGGNcrhucM+3VGSpvZf/1SF+GPGs/b6w9tMFcubWLSIsiMszzaq2/W9ctpX IyD1+dDtguIJDFdCrRNq0nVaUB7xmrqGujo18XPVr+uIhS2euFT3qMYHmYAuXATJpsiC q9mAFypyOOI+IcySUxAkidThROK2si5Lye5YnkDiZDCNZTldoKSR8OwPvp/e23uG8b3k mvig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=91K9fVSqD7weIFhTBGPdZoWmFd1uNebYt0kdpf0Fcos=; b=nGEPEFyAaR0MXU/Le0k5UR7FnPKPifF7KkP3eh3uQ556CKpje+6/BMYjRimRc14s8l uXqiCvt+VkXyB0C2yuAeYr59stmmvRazrG+kKDeUxryLans8ZTN8Q74R8DDoVWNKJweH JrLNEwxFyY8SZOWTMGE1KL8oG34ajif7S1M/tNsmAwX5rlRq52aGU/0UlCB1wo955XCu F8R3iPIyHP5TTRZPl1Y+PFE5cOG2JfOcCmF+1/j90zwsWjufC7cE1kwlVzi3gyohQicT osvNGNCgboSZy3mTTr1pmBUMQf5e9Z303+FxFw3ylw7O5g+lnJrha9LCkKCn5nM3GlKi UGbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=mAtOy7kE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id op26si2606620ejb.103.2021.07.12.09.26.06; Mon, 12 Jul 2021 09:26:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=mAtOy7kE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233405AbhGLQZm (ORCPT + 99 others); Mon, 12 Jul 2021 12:25:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54458 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229848AbhGLQZm (ORCPT ); Mon, 12 Jul 2021 12:25:42 -0400 Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F594C0613DD for ; Mon, 12 Jul 2021 09:22:53 -0700 (PDT) Received: by mail-qk1-x72c.google.com with SMTP id a6so18525111qka.4 for ; Mon, 12 Jul 2021 09:22:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=91K9fVSqD7weIFhTBGPdZoWmFd1uNebYt0kdpf0Fcos=; b=mAtOy7kE1GoHX/dACCRPGowBhQ2PDL92s+EWROICJxR3udof3FZESHfyA3/PE2G4n/ XSVfAVk1ljdFgMDpOs6ma4ZCqxaxBWSV1NlIFMx/zUCnY+Ql3nH2TUEenHIiY/2wa7CP tNtWvyjHfuvbfA3TldA2uhTQA7GtjPhPCNNI2VCwfQoy/HrfZ0eIGBNmekc/A5/8eBsB Ot3gIT8MBh1IQP2eEnPBtIvmZy0Mk1I5aSAqt+/R/EA1DNRzg9vwcqwwDmv7v/UbHLGm Cxeow6v1yOzZQ93AjWLI0iT2YL6Dt4u5eTKMiI25QVLCqxhfz1hJhX9/cOug5S/f2CZL 7Fkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=91K9fVSqD7weIFhTBGPdZoWmFd1uNebYt0kdpf0Fcos=; b=N+7XMcFuqoUnvsiWDE30PpbF0OFmPyC3urohyJI20mzF3FbntjHju7CVJFmZIj2Yxl pJc6e7NQ8GmTBsaCxxftQkA56Ukj+u0V9oFtSOgKtReFRVsHPxpmVxNipGVx+3E9uZ7C xPe58n8aipJ+t5C8AfKIgnnhZpAg2RrfvktUsmTztcrt1gNu8WR+6ORc33tYzfZK+UKd Js5EeO5zhpwg4kUpIxEq65nmdhZw0ZW7//aRAH290h/+GgP6TwYIL73pocqAPJnKnw4X GitkeFlxbHXkwqVi4bveIpGnHYTuw+inH3DG4NCNPCFBqpmEFcacaHDBYKyHY/NMn4Cj iehQ== X-Gm-Message-State: AOAM530VDr6UWEGAiItFegSPQRSES8PDEyEgKHg6ouP+zVJtaLIDQWYN EZCXDpm4ZX3TktUvsl71n2+8nO6NTWZAOSzj02I= X-Received: by 2002:a37:9e07:: with SMTP id h7mr28939942qke.481.1626106972262; Mon, 12 Jul 2021 09:22:52 -0700 (PDT) MIME-Version: 1.0 References: <161dac7a-5aad-150e-7c14-7bb195ecf30f@canonical.com> In-Reply-To: <161dac7a-5aad-150e-7c14-7bb195ecf30f@canonical.com> From: Matthew Auld Date: Mon, 12 Jul 2021 17:22:23 +0100 Message-ID: Subject: Re: drm/i915/ttm Initialize the ttm device and memory managers To: Colin Ian King Cc: =?UTF-8?Q?Thomas_Hellstr=C3=B6m?= , Matthew Auld , David Airlie , intel-gfx , "linux-kernel@vger.kernel.org" , "dri-devel@lists.freedesktop.org" , Rodrigo Vivi Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 12 Jul 2021 at 16:17, Colin Ian King wro= te: > > Hi, > > Static analysis with Coverity on linux-next has found a potential issue > in drivers/gpu/drm/i915/selftests/intel_memory_region.c in function > igt_mock_fill - the problematic commit is as follows: > > commit d148738923fdb5077089e48ec15555e6008100d0 > Author: Thomas Hellstr=C3=B6m > Date: Wed Jun 2 10:38:08 2021 +0200 > > drm/i915/ttm Initialize the ttm device and memory managers > > The analysis is as follows: > > > 49 static int igt_mock_fill(void *arg) > 50 { > 51 struct intel_memory_region *mem =3D arg; > 52 resource_size_t total =3D resource_size(&mem->region); > 53 resource_size_t page_size; > 54 resource_size_t rem; > 55 unsigned long max_pages; > 56 unsigned long page_num; > 57 LIST_HEAD(objects); > 58 int err =3D 0; > 59 > 60 page_size =3D mem->chunk_size; > 61 rem =3D total; > 62 retry: > > value_overwrite: Overwriting previous write to max_pages with value from > div64_u64(rem, page_size). > > 63 max_pages =3D div64_u64(rem, page_size); > 64 > 65 for_each_prime_number_from(page_num, 1, max_pages) { > 66 resource_size_t size =3D page_num * page_size; > 67 struct drm_i915_gem_object *obj; > 68 > 69 obj =3D i915_gem_object_create_region(mem, size, 0); > 70 if (IS_ERR(obj)) { > 71 err =3D PTR_ERR(obj); > 72 break; > 73 } > 74 > 75 err =3D i915_gem_object_pin_pages_unlocked(obj); > 76 if (err) { > 77 i915_gem_object_put(obj); > 78 break; > 79 } > 80 > 81 list_add(&obj->st_link, &objects); > 82 rem -=3D size; > 83 } > 84 > 85 if (err =3D=3D -ENOMEM) > 86 err =3D 0; > 87 if (err =3D=3D -ENXIO) { > 88 if (page_num * page_size <=3D rem) { > 89 if (mem->is_range_manager && max_pages > 1) { > > Unused value (UNUSED_VALUE) > assigned_value: Assigning value from max_pages >> 1 to max_pages here, > but that stored value is overwritten before it can be used. Yeah, that doesn't look good. AFAIK this should be fixed with d53ec322dc7d ("drm/i915/ttm: switch over to ttm_buddy_man"), which is in drm-tip, but I guess has not made its way over to linux-next yet. Thanks for the report. > > 90 max_pages >>=3D 1; > 91 goto retry; > 92 } > 93 > > The right shift to max_pages on line 90 is being overwritten on line 64 > on the retry. > > Colin